package cn.bonoon.controllers.user;

import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;

import cn.bonoon.core.plugins.AccountService;
import cn.bonoon.kernel.security.LogonUser;
import cn.bonoon.kernel.web.controllers.AbstractController;
import cn.bonoon.kernel.web.models.DialogModel;
import cn.bonoon.kernel.web.models.FormModel;
import cn.bonoon.kernel.web.models.JsonResult;
import cn.bonoon.kernel.web.models.StandardModel;
import cn.bonoon.util.VerifyCodeHelper;

@Controller
@RequestMapping("/s/user/change")
public class ChangePasswordController extends AbstractController {
	private AccountService accountService;

	//密码表达式
	@Value("${user.password.pattern}")
	private String pattern;
	
	//密码不全规则提示
	@Value("${user.password.pattern.exception}")
	private String patternException;
	
	//强制修改密码提示
	@Value("${user.forced.change.password.message}")
	private String forcedMessage;
	
	private String sumbitUrl;

	@Autowired
	public ChangePasswordController(AccountService accountService) {
		this.accountService = accountService;
	}
	@Override
	public void afterPropertiesSet() throws Exception {
		super.afterPropertiesSet();
		this.sumbitUrl = toUrl("/u/user/change/submit.b");
	}

	@RequestMapping(value = "pwd.b", method = { RequestMethod.POST, RequestMethod.GET })
	public final ModelAndView get(HttpServletRequest request) {
		
		StandardModel mv;
		if ("d".equals(request.getParameter("t"))) {
			DialogModel di = new DialogModel("pwd-editor", request);
			if("t".equals(request.getParameter("f"))){
				di.setClosable(false);
				di.addObject("message", forcedMessage);
				di.setTitle("强制修改密码");
			}else{
				di.setTitle("修改密码");//.button("提交", sumbitUrl);
			}
			di.setMaster("layout-dialog-simple.vm");
			
			di.addObject("isDialog", true);
			mv = di;
		} else {
			FormModel fm = new FormModel(null, request);
			fm.setMaster("frame-form.vm");
			fm.button("提交", sumbitUrl);
			mv = fm;
		}
		
		return _execute(mv);
	}

	private StandardModel _execute(StandardModel model) {
		model.addObject("name", getUser().getDisplayName());
		model.addObject("pattern", pattern);
		model.addObject("patternException", patternException);

		return model.execute("change-pwd");
	}

	@ResponseBody
	@RequestMapping(value = "submit.b", method = RequestMethod.POST)
	public JsonResult save(HttpServletRequest request, String oldPwd, String newPwd, String cfPwd, String validateCode) {
		try {
			VerifyCodeHelper.verify(request, 1, validateCode);
			LogonUser user = getUser();
			if (null == user) throw new Exception("当前用户没有登录,无法修改密码!");

			//oldPwd = RSAManager.rsaManager.decryptJSString(oldPwd);
			//newPwd = RSAManager.rsaManager.decryptJSString(newPwd);
			//cfPwd = RSAManager.rsaManager.decryptJSString(cfPwd);
	        //TODO 这里需要注意，从界面传过来的密码已经使用了MD5进行加密
			accountService.modify(user.getId(), oldPwd, newPwd, cfPwd);
			user.getRuntime().changePwd();
			return JsonResult.result();
		} catch (Throwable t) {
			return JsonResult.result(t);
		}
	}
}
